Anxiety is running high as a result of Russia’s invasion of Ukraine, particularly in cybersecurity circles. The 2017 NotPetya attack was a Russian cyber-weapon fired at the Ukraine.  In 2017, NotPetya spread to FedEx, Maersk, Merck, and several other companies, and it would be naïve not to expect a spillover from the 2022 attack.  Indeed, a barrage of similar “wipers” has already been fired in 2022, and reports are circulating that some computers in Lithuania have been impacted.

Many cyber-weapons are delivered through phishing attacks, and companies can take three important steps to help prevent these attacks:

  • Send out a training reminder to all employees about spotting and avoiding phish email that may carry the malware into your environment.
  • Recognize that training will not be enough; increase filtering for malicious messages.
  • Push for multi-factor authentication for remote access to email.

Continue Reading The Ukrainian Cybersecurity Spillover Problem

Digital LockThe SEC’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert related to Ransomware on July 10, 2020. In the publication, Cybersecurity: Ransomware Alert, OCIE alerts companies to the increase in sophisticated campaigns orchestrated to invade financial institution networks in order to obtain confidential information and plant ransomware. The attacks generally involve perpetrators using “phishing and other campaigns designed to penetrate financial institution networks … to access internal resources and deploy ransomware.” Once the ransomware is deployed, institutions typically lose control of the ability to use and maintain the integrity of their systems and data until they pay a ransom to the attackers.
Continue Reading OCIE’s Guidance on Ransomware Attacks